The rise of cryptocurrency scams. Here's what you need to know.

Whenever a new technology or development has a big impact on society, crime is never far behind. Cryptocurrency is a prime example. Within a decade most people will have crypto assets and, unlike bank assets, there is no recourse to compensation if your coins are lost or stolen. Consequently you have to be significantly more careful with your crypto than even with your bank accounts. In this article, I'll highlight some of the big dangers to your crypto holdings and some of the measures you should consider taking to protect yourself from cryptocurrency-related crime.

Disclaimer. This article isn't, and doesn't claim to be, a panacea against all cryptocurrency related threats present and future. Instead, I'll be showing how these problems relate to things I'll teach you about on the Web Safety Guru course, with the intention of giving you the correct mindset for thinking about your crypto security. This article was written in November 2021 and the active threats may look very different if you're reading this in 2023.


Bitcoin image

Hacking related threats

While you should treat keeping your regular passwords secret as an issue of the utmost importance, this issue is exponentially more important with your crypto private keys. If you don't have sole access to your private keys, your crypto money could theoretically disappear at any time. To this end, it is vital that this information is not obtainable as a result of a hack. Do not have your private keys written down on an unzipped and unprotected document, especially if this information is on the cloud. In fact, it's good general advice about any important information to say, encrypt everything, zip everything, hide everything.

Regarding exchanges and wallets, you should have unique passwords that you do not use anywhere else, and these should be stronger than any other passwords you have. Make them longer, put in more digits and special characters. Additionally you should follow the wallet's/exchange's recommendations about setting up two factor authentication (2FA). This means that even if your password is compromised, you will have an additional layer of protection for your account. A further level of protection is whitelisting your withdrawal addresses. This means that any withdrawals from your account can only go to an address that your have given prior authorisation to. And if a hacker sets up a new withdrawal address, it will not become eligible for 24 hours, giving you ample time to undo the potential damage.

For more on this topic, I can recommend the videos on Coin Bureau which is an excellent resource for beginners and intermediate crypto users.

Email related threats

Many email related threats follow the same pattern as bank style phishing. An email purporting to come from an exchange will recommend you change your details for security reasons. The link will go to a URL very close to the URL for the real exchange. Numbers substituted for letters is a common trick, for example so you might be directed to c01nbase rather than coinbase. As a rule of thumb, you should always be extremely careful to check your are accessing the genuine site, especially if you are typing it in or using a search engine rather than a bookmark. This is a strong reason for using 2FA and whitelisting, if you give your password to a spoof website, you are facing a partial disaster rather than a complete disaster, and you'll have a bit of time to rectify your mistake by changing your password on the bona fide exchange.

Malware related threats

This section is potentially terrifying. One family of viruses are keyloggers which record everything you type. Another family of viruses intercept and change the wallet addresses you wish to send coins to. If you are sending funds to an address for the first time, best to send a small test amount, if you can, in order to verify the funds have reached the correct destination (if not they could well be gone forever). It sounds extreme but, if you are sending a significant amount of funds, you should literally check every single character in the destination address.

Extra security measures to consider. While regular virus checks are a good idea in any case, you should be even more regular if you are planning to log into an exchange or online wallet. Additional steps you may wish to consider are using a different browser for your crypto and even using a different machine for it. One further suggestion to consider is using a machine running on linux for this purpose. The reasoning behind this is that linux operating systems are generally said to be less prone to viruses than Windows. However I cannot guarantee that this will always be the case.


Leading crypto currencies

Social Media related threats

Some of the crypto social media 'influencers' are incredibly popular and will have their own accounts on Twitter, Facebook, YouTube and elsewhere. If you react to a post on one of these sites, you may find yourself receiving a direct message purporting to be from that influencer. This message will generally invite you to invest some of your coins in a "can't lose" investment opportunity, for example a coin that they are going to shill in their next video. These scammers are really trying to get you to send some of your assets to their wallet. If you look carefully, you'll see they will have set up a fake profile, like the genuine profile but with a number at the end. They will even have replicated some of the posts and photos from the real account. Basically this is like the identity theft you'll see when you receive a Facebook friend request from a person you're already friends with, the main difference is that these scammers will be far more thorough, and will have replicated a lot more content in order to make their account look convincing.

YouTube scams. A scammer will post special offers in the comments section of a legitimate video from an influencer. The URL will contain the scam. Likewise you will occasionally see adverts on YouTube purporting to be Elon Musk giveaways where if you send him 1 Bitcoin, you'll get 2 in return. How anybody falls for these scams is a mystery, however they do and these adverts are disgracefully still available on YouTube from time to time.

Threats outside the home

Just as you should always be extra careful about what internet activity you are doing on a public network, you should be extra, extra careful about conducting your crypto business on a public network. Always ask yourself who might be sharing the public network you are on and whether you actually need to be exposing your information to additional risk by doing your trade in the pub rather than at home.

Conclusion

This article doesn't list every possible risk and scam related to crypto, however it gives you a good overview of the kinds of threats you need to be alert to. While I'm not yet running a crypto-specific course (I may consider this in future if there's demand) the topics covered in my general Web Safety Guru course will give you a good grounding in how to protect yourself from crypto-related threats.


ABOUT WEB SAFETY GURU

Web Safety Guru offers one to one computer training designed to keep you safe online.

We'll discuss: passwords and security, email scams, viruses and malware, cookies and privacy, safety on social media and safety on public networks.

Visit the homepage to learn more about the options for Zoom courses and home tuition.